Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American.

Data Breaches in Payments Systems- Roles and Best Practices for

the Public and Private Sector Response

Don RhodesDirector

Risk Management PolicyAmerican Bankers Association

Risk Management

Risk Management

Agenda

▪ Corporate Account Takeover ▪ Zeus Trojan ▪ Best Practices ▪ ABA Efforts

Risk Management

Risk Management

Spear Phishing

Risk Management

Spear Phishing

Risk Management

Spear Phishing

Risk Management

Banking Trojans in the News

Silver Tail Systems

Risk Management

What Happened in Kentucky?County treasurer had Zeus malware on his PCCriminals stole credentials and logged in to bank accounts from treasurer’s PC

Reconnaissance used to plan theft Mule recruitment pretending to be CareerBuilder Created mules as fictitious employees Mules receive $9700 and sent $9200 to Ukraine via Western Union

More than 25 <$10,000 wire transfers /Total of $415k stolen

Silver Tail Systems

Risk Management

Business Exploit

Risk Management

Best Practices

1. Understand what data is most sensitive to your business

2. Know where this sensitive data resides 3. Understand your risk model 4. Select the appropriate controls based on policy, risk,

and where sensitive data resides 5. Manage security centrally 6. Audit security to constantly improve

http://www.rsa.com/

©2009 RSA Security Inc.

Risk Management

Best Practices

http://www.ftc.gov/infosecurity/

Risk Management

ABA Efforts

▪ National Card Fraud Task Force

▪ Information Security Working Group

▪ Risk Management ForumApril 28-30, Renaissance Vinoy, St. Petersburg, FL

Data Breaches in Payments Systems- Roles and Best Practices for

the Public and Private Sector Response

Don RhodesDirector

Risk Management PolicyAmerican Bankers Association

[email protected]

Risk Management